ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Restrict Internet Users access to only forgotten user/password options in Portal

book

Article ID: 226931

calendar_today

Updated On:

Products

CA Identity Suite

Issue/Introduction

We are in the process of trying to expose the Portal to the internet. 

We only want users to have access to forgot-password page and not the login page.  In IIS we are trying to block login but it will not work.  I have tried blocking "\login" in IIS from the Request Filtering section but will not work.  It seems by looking at the IIS logs the only part of the URL that gets loaded is up to index and nothing after that so I can't filter and block it.  

Example:  I want to block https://identityportal.broadcom.com/sigma/app/index#/login

and only allow
https://identityportal.broadcom.com/sigma/app/index#/forgot-password

 

 

Cause

There are no individual pages within the Identity Portal.  Portal is a 'single page web application that runs on the client side'  that is dynamically building what the end user sees based on their session information.  No valid session the Portal dynamically loads the /sigma/index#/login page, if you have a session it dynamically loads the /sigma/index#/Home page and so on. 

Since everything within the Portal is loaded from the /sigma/index page, attempting to block the root of /sigma/ or /sigma/index/ will block the entire portal including the forgotten password page. 

Environment

Release : 14.2, 14.3, 14.4

Component : SIGMA-Identity Suite

Resolution


The Portal does offer public pages which are exposed on the URL: /sigma/public/index 
This will allow you to block the entire /sigma/index page to prevent external access into the core of the Portal, and allow access to /sigma/public/ URLS for forgotten user or password actions:

https://identityportal.broadcom.com/sigma/public/index#/forgot-password